🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional122 / 129
Question 122 of 129

A financial services company is hardening its remote-access authentication. Currently users log in with a password and a one-time code sent to a hardware token. Security wants to add a third element so that authentication requires something the user knows, something the user has, and something the user is. Which additional element correctly satisfies the missing authentication factor category?

Reviewed for accuracy · Report an issueNext question